Change is hard—but managing change is often harder.
We see change every day—at work, at home and throughout the world we interact with.
Some changes are quite noticeable—“When did we get a new coffee machine?”—while others are more subtle.
Maybe you’ve been shopping for paper towels and your eye wanders toward fancy new packaging for your preferred paper product that touts a “New and Improved” look and design. It caught your attention, but the difference between it and the “old” product is as clear as mud. You just hope the improved version still cleans up those mud stains on the floor and the occasional coffee spill from that new coffeemaker. Or perhaps you saw a notification on your cellphone that explains how the software was upgraded from iOS 13.3 to iOS 13.3.1. Besides being “one better,” there’s clearly something that has been changed. But unless you’re a tech geek, you’re probably not going to notice what that something is.
These are simple examples that don’t speak to the complexities we see in industry when it comes to Management of Change. The problem is many companies don’t fully understand the ramifications of a “simple” change. Take a ball valve. It’s a small part that we use every day when we turn on a faucet. Industry uses them, too, en masse. But like anything else, ball valves—or any type of valve for that matter—have a shelf life. Perhaps it will last 100,000 cycles or more, but eventually it will need to be replaced. No problem, unless, of course, you have trouble finding the exact same ball valve. Even if you do find that exact part, a risk assessment still needs to be performed. Older equipment can mean harder-to-find parts. So maybe you switch to a globe valve instead. They’re similar parts, but a globe valve uses a plug to close against the flow while a ball valve closes across the flow.
After you’ve drawn a red cloud around the valve on your piping and instrumentation diagram (P&ID) to show where the replacement was made, you do a quick risk assessment to discuss what happens when the valve malfunctions open and when the valve malfunctions closed. You decide there are no major issues, you put the P&ID away and your work is done. You’ve done your due diligence and managed the change. Or have you?
Keep in mind that as far as hazardous scenarios and risks are concerned, you have only assessed the “cause” part of the equation. Remember that the valve you are replacing is on a pipe in your plant, and how that line is connected to—and isolated from—your process, impacts (i) the consequences that occur when other elements of your process fail, (ii) the number of layers of protection in place for other hazards in the facility, and (iii) the risk ranking associated with all of these scenarios. So, yes, you can check the box and move on after evaluating cause, but there really is still quite a bit more risk assessment to do.
At best, if you focus on the cause alone, you’re assessing half of the work you need to do to ensure the valve works properly and interacts safely within the system.
If installed properly, just changing the valve out should eliminate the risk of the part failing, but it could cause a domino effect of other risks that go well beyond that circled red cloud on the P&ID. For instance, what if that simple valve was originally designed to guard against building pressure in a reactor? By changing the valve, you must be able to determine if the new valve will open as quickly as the old valve to relieve said pressure. If it can’t, you have a major operational risk on your hands—you’ve taken what was once an effective safeguard and rendered it ineffective.
In other words, it’s a small change, but it’s not necessarily a simple one.
It’s not uncommon for a midsize company to do 500 or more of these small changes every year. Again, they are implemented to improve production, but they can affect safety in nonintuitive ways. And as we all know, when someone or an organization has regular tasks to do that can be considered tedious or time-consuming, “busy work” even, the chance for error or taking a shortcut to move on to the next “real” responsibility is more likely.
The last thing anyone wants is to have to shut down any process. While we are never against tripping a process in the event there is a potentially hazardous event, an organization must understand that doing so can lead to a heightened degree of risk from restarting the operation. It’s much better to catch risks before they materialize.
Every action has an equal and opposite reaction, and that holds true for the Management of Change process as well.
MoCs are not performed to make operations safer—that’s what Hazard and Operability studies (HAZOPs), Failure Mode & Effects Analysis (FMEA) and other risk studies are designed to do. MOCs on the other hand, focus on increasing production and, if performed properly, profitability as well.
There are four areas to address in a risk assessment: cause, consequence, safeguard and risk. When changing out a part, one of the biggest mistakes we see in MOCs is that the organization focuses on one of those risk assessments, but, in fact, there could be multiple areas that need to be addressed. A simple way to understand this is through another software example. Say, someone decides to change computers in the building from PCs to Macs because the old PCs are just getting slower and slower. Trying to load a simple spreadsheet takes minutes instead of seconds. OK, there’s nothing wrong with speeding up your computer processes. Except, what if your software providers don’t offer Mac applications? You’ve just created a new problem that didn’t exist even though you solved another problem.
Regardless of how many red clouds you add to your P&ID, there are limitless red flags (i.e., risks) that could emerge if you’re not thorough with managing the change properly.
Here Are Five Ways to Improve Your MOC Process
- Ideally, you don’t want to start off with a blank-sheet risk assessment. Instead, you should use the data from the original as a starting point. In some cases, it may be possible to update the original study. In many cases, that original risk assessment has a lot of the discussion points about why you decided to make the change in the first place. If it’s not possible to use it because it’s blocked or archived, etc., try using the data from the original process as a starting point.
- Make sure you learn how the new equipment can malfunction and potentially create new hazards. This is the “cause” part of the equation, which is the part that is most common in Hazard and Operability studies (HAZOPs).
- Go back through the risk assessment and look for all the scenarios—whether they are in the scope of the MOC or not—and locate those scenarios where the equipment you’re replacing is used as a safeguard. If it is, then you need to review each of those scenarios and reassess the risk taking the modified safeguard into account.
- While revisiting the risk assessment, figure out which scenarios or consequences were developed by taking features of the changed equipment into account. This is often the most difficult part of the MOC, but it’s easier to do if you have well-documented scenarios. It will take extra work to find the scenarios if the documentation is less than satisfactory.
- If you complete those first four steps properly, and understand what new hazards exist or what existing hazards have changed or been eliminated as a result of your MOC, you have a much better understanding of the overall risk your facility faces. You’ve gone beyond just the change and can then see all the changes.
If you complete all those steps, you won’t have to think the change makes things better; you’ll know it for a fact.
John Crosman has been a process safety consultant with Sphera for more than a dozen years, and has led the team of process safety consultants for about 10 years. An accomplished facilitator, Crosman has led PHA teams to complete many large-scale risk assessments covering hundreds of P&IDs across many key industries, and in most parts of the world. His experience also covers the broader risk management framework with understanding of such important activities as incident management, management of change and tracking of risk assessment actions.